How to read and understand a data breach notice

Understanding the contents of a data breach notice can help you take measured, reasonable action to protect yourself and others following a cybersecurity incident.

Data breaches occur in all manner of ways. Malicious hacks are common, but mistakes and misconfigurations happen too: data gets improperly shared, lost, or destroyed, or is inadvertently exposed to the internet and forgotten about.

Decoding the contents of a data breach notice is crucial in helping you gauge your own potential risk in the aftermath of a hack, and to understand what, if anything, you need to do next, such as changing passwords, alerting banks, and freezing credit. From a security defender's perspective, it can also be helpful to know the context behind a data breach notice to learn from any mistakes and to prevent potential future incidents.

I likely don't need to tell you (since we're all regular recipients of data breach notices) that these notices are more often than not barebones, scant on details, and rely on you having to piece the story together with whatever scraps you can find from any news reporting — if you're lucky. 

As a journalist who has covered hacks and data breaches for close to two decades and read literally thousands of data breach notifications during my career, in this article I will show you how to identify what to look out for in a breach notice and what to ignore; what you can learn from even the most basic notices; and the best places you can look to find more information.
